@draftlab/auth 0.2.1 → 0.2.3

package/dist/core.d.ts

@@ -3,6 +3,7 @@ import { UnknownStateError } from "./error.js";
 import { Prettify } from "./util.js";
 import { SubjectPayload, SubjectSchema } from "./subject.js";
 import { StorageAdapter } from "./storage/storage.js";
+import { Plugin } from "./plugin/types.js";
 import { Provider } from "./provider/provider.js";
 import { Theme } from "./themes/theme.js";
 import { Router } from "@draftlab/auth-router";
@@ -79,6 +80,8 @@ interface IssuerInput<Providers extends Record<string, Provider<unknown>>, Subje
   error?(error: UnknownStateError, req: Request): Promise<Response>;
   /** Client authorization check function */
   allow?(input: AllowCheckInput, req: Request): Promise<boolean>;
+  /** Plugin configuration */
+  plugins?: Plugin[];
   /**
    * Refresh callback for updating user claims.
    *

package/dist/core.js

@@ -5,6 +5,7 @@ import { validatePKCE } from "./pkce.js";
 import { generateSecureToken } from "./random.js";
 import { Storage } from "./storage/storage.js";
 import { encryptionKeys, signingKeys } from "./keys.js";
+import { PluginManager } from "./plugin/manager.js";
 import { setTheme } from "./themes/theme.js";
 import { Select } from "./ui/select.js";
 import { CompactEncrypt, SignJWT, compactDecrypt } from "jose";
@@ -40,8 +41,8 @@ const issuer = (input) => {
 			headers: { "Content-Type": "text/plain" }
 		});
 	});
-	const ttlAccess = input.ttl?.access ?? 60 * 60 * 24 * 30;
-	const ttlRefresh = input.ttl?.refresh ?? 60 * 60 * 24 * 365;
+	const ttlAccess = input.ttl?.access ?? 3600 * 24 * 30;
+	const ttlRefresh = input.ttl?.refresh ?? 3600 * 24 * 365;
 	const ttlRefreshReuse = input.ttl?.reuse ?? 60;
 	const ttlRefreshRetention = input.ttl?.retention ?? 0;
 	if (input.theme) setTheme(input.theme);
@@ -255,6 +256,11 @@ const issuer = (input) => {
 		storage
 	};
 	const app = new Router({ basePath: input.basePath });
+	if (input.plugins && input.plugins.length > 0) {
+		const manager = new PluginManager(input.storage);
+		manager.registerAll(input.plugins);
+		manager.setupRoutes(app);
+	}
 	for (const [name, value] of Object.entries(input.providers)) {
 		const route = new Router();
 		route.use(async (c, next) => {
@@ -466,7 +472,7 @@ const issuer = (input) => {
 			redirectURI: redirect_uri,
 			audience
 		}, c.request)) throw new UnauthorizedClientError(client_id, redirect_uri);
-		await auth.set(c, "authorization", 60 * 60 * 24, authorization);
+		await auth.set(c, "authorization", 3600 * 24, authorization);
 		if (provider) return c.redirect(`${provider}/authorize`);
 		const availableProviders = Object.keys(input.providers);
 		if (availableProviders.length === 1) return c.redirect(`${availableProviders[0]}/authorize`);

package/dist/plugin/builder.d.ts

@@ -0,0 +1,10 @@
+import { PluginBuilder } from "./plugin.js";
+
+//#region src/plugin/builder.d.ts
+
+/**
+ * Create a new plugin
+ */
+declare const plugin: (id: string) => PluginBuilder;
+//#endregion
+export { plugin };

package/dist/plugin/builder.js

@@ -0,0 +1,49 @@
+//#region src/plugin/builder.ts
+/**
+* Create a new plugin
+*/
+const plugin = (id) => {
+	if (!id || typeof id !== "string") throw new Error("Plugin id must be a non-empty string");
+	const routes = [];
+	const registeredPaths = /* @__PURE__ */ new Set();
+	const validatePath = (path) => {
+		if (!path || typeof path !== "string") throw new Error("Route path must be a non-empty string");
+		if (!path.startsWith("/")) throw new Error("Route path must start with '/'");
+	};
+	return {
+		get(path, handler) {
+			validatePath(path);
+			const routeKey = `GET ${path}`;
+			if (registeredPaths.has(routeKey)) throw new Error(`Route ${routeKey} already registered in plugin '${id}'`);
+			registeredPaths.add(routeKey);
+			routes.push({
+				method: "GET",
+				path,
+				handler
+			});
+			return this;
+		},
+		post(path, handler) {
+			validatePath(path);
+			const routeKey = `POST ${path}`;
+			if (registeredPaths.has(routeKey)) throw new Error(`Route ${routeKey} already registered in plugin '${id}'`);
+			registeredPaths.add(routeKey);
+			routes.push({
+				method: "POST",
+				path,
+				handler
+			});
+			return this;
+		},
+		build() {
+			if (routes.length === 0) throw new Error(`Plugin '${id}' has no routes defined`);
+			return {
+				id,
+				routes
+			};
+		}
+	};
+};
+
+//#endregion
+export { plugin };

package/dist/plugin/manager.d.ts

@@ -0,0 +1,33 @@
+import { StorageAdapter } from "../storage/storage.js";
+import { Plugin } from "./types.js";
+import { Router } from "@draftlab/auth-router";
+
+//#region src/plugin/manager.d.ts
+
+declare class PluginManager {
+  private readonly plugins;
+  private readonly storage;
+  constructor(storage: StorageAdapter);
+  /**
+   * Register a plugin
+   */
+  register(plugin: Plugin): void;
+  /**
+   * Register multiple plugins at once
+   */
+  registerAll(plugins: Plugin[]): void;
+  /**
+   * Get all registered plugins
+   */
+  getAll(): Plugin[];
+  /**
+   * Get plugin by id
+   */
+  get(id: string): Plugin | undefined;
+  /**
+   * Setup plugin routes on a router
+   */
+  setupRoutes(router: Router): void;
+}
+//#endregion
+export { PluginManager };

package/dist/plugin/manager.js

@@ -0,0 +1,67 @@
+import { PluginError } from "./types.js";
+
+//#region src/plugin/manager.ts
+var PluginManager = class {
+	plugins = /* @__PURE__ */ new Map();
+	storage;
+	constructor(storage) {
+		this.storage = storage;
+	}
+	/**
+	* Register a plugin
+	*/
+	register(plugin) {
+		if (this.plugins.has(plugin.id)) throw new PluginError(`Plugin already registered`, plugin.id);
+		this.plugins.set(plugin.id, plugin);
+	}
+	/**
+	* Register multiple plugins at once
+	*/
+	registerAll(plugins) {
+		for (const plugin of plugins) this.register(plugin);
+	}
+	/**
+	* Get all registered plugins
+	*/
+	getAll() {
+		return Array.from(this.plugins.values());
+	}
+	/**
+	* Get plugin by id
+	*/
+	get(id) {
+		return this.plugins.get(id);
+	}
+	/**
+	* Setup plugin routes on a router
+	*/
+	setupRoutes(router) {
+		const registeredPaths = /* @__PURE__ */ new Set();
+		for (const plugin of this.plugins.values()) {
+			if (!plugin.routes) continue;
+			for (const route of plugin.routes) {
+				const fullPath = `/${plugin.id}${route.path}`;
+				if (registeredPaths.has(fullPath)) throw new PluginError(`Route conflict: ${fullPath} already registered`, plugin.id);
+				registeredPaths.add(fullPath);
+				const handler = async (ctx) => {
+					const pluginCtx = {
+						...ctx,
+						storage: this.storage
+					};
+					return await route.handler(pluginCtx);
+				};
+				switch (route.method) {
+					case "GET":
+						router.get(fullPath, handler);
+						break;
+					case "POST":
+						router.post(fullPath, handler);
+						break;
+				}
+			}
+		}
+	}
+};
+
+//#endregion
+export { PluginManager };

package/dist/plugin/plugin.d.ts

@@ -0,0 +1,17 @@
+import { Plugin, PluginRouteHandler } from "./types.js";
+
+//#region src/plugin/plugin.d.ts
+
+/**
+ * Plugin builder interface
+ */
+interface PluginBuilder {
+  /** Add GET route */
+  get(path: string, handler: PluginRouteHandler): PluginBuilder;
+  /** Add POST route */
+  post(path: string, handler: PluginRouteHandler): PluginBuilder;
+  /** Build the plugin */
+  build(): Plugin;
+}
+//#endregion
+export { PluginBuilder };

package/dist/plugin/types.d.ts

@@ -0,0 +1,40 @@
+import { StorageAdapter } from "../storage/storage.js";
+import { RouterContext } from "@draftlab/auth-router/types";
+
+//#region src/plugin/types.d.ts
+
+interface PluginContext extends RouterContext {
+  storage: StorageAdapter;
+}
+/**
+ * Plugin route handler function
+ */
+type PluginRouteHandler = (context: PluginContext) => Promise<Response>;
+/**
+ * Plugin route definition
+ */
+interface PluginRoute {
+  /** Route path (e.g., "/admin", "/stats") */
+  readonly path: string;
+  /** HTTP method */
+  readonly method: "GET" | "POST";
+  /** Route handler function */
+  readonly handler: PluginRouteHandler;
+}
+/**
+ * Main plugin interface
+ */
+interface Plugin {
+  /** Unique plugin identifier */
+  readonly id: string;
+  /** Custom routes added by this plugin */
+  readonly routes?: readonly PluginRoute[];
+}
+/**
+ * Plugin error types
+ */
+declare class PluginError extends Error {
+  constructor(message: string, pluginId: string);
+}
+//#endregion
+export { Plugin, PluginContext, PluginError, PluginRoute, PluginRouteHandler };

package/dist/plugin/types.js

@@ -0,0 +1,13 @@
+//#region src/plugin/types.ts
+/**
+* Plugin error types
+*/
+var PluginError = class extends Error {
+	constructor(message, pluginId) {
+		super(`[Plugin: ${pluginId}] ${message}`);
+		this.name = "PluginError";
+	}
+};
+
+//#endregion
+export { PluginError };

package/dist/provider/code.js

@@ -111,7 +111,7 @@ const CodeProvider = (config) => {
 			* Transitions between authentication states and renders the appropriate UI.
 			*/
 			const transition = async (c, nextState, formData, error) => {
-				await ctx.set(c, "provider", 60 * 60 * 24, nextState);
+				await ctx.set(c, "provider", 3600 * 24, nextState);
 				const response = await config.request(c.request, nextState, formData, error);
 				return ctx.forward(c, response);
 			};

package/dist/provider/oauth2.js

@@ -102,7 +102,7 @@ const Oauth2Provider = (config) => {
 			routes.get("/authorize", async (c) => {
 				const state = generateSecureToken();
 				const pkce = config.pkce ? await generatePKCE() : void 0;
-				await ctx.set(c, "provider", 60 * 10, {
+				await ctx.set(c, "provider", 600, {
 					state,
 					redirect: getRelativeUrl(c, "./callback"),
 					codeVerifier: pkce?.verifier

package/dist/provider/passkey.js

@@ -88,7 +88,7 @@ const PasskeyProvider = (config) => {
 	return {
 		type: "passkey",
 		init(routes, ctx) {
-			const { rpName, authenticatorSelection, attestationType = "none", timeout = 5 * 60 * 1e3 } = config;
+			const { rpName, authenticatorSelection, attestationType = "none", timeout = 300 * 1e3 } = config;
 			const getStoredUserById = async (userId) => {
 				return await Storage.get(ctx.storage, userKey(userId));
 			};

package/dist/provider/password.js

@@ -80,7 +80,7 @@ const PasswordProvider = (config) => {
 			*/
 			routes.get("/register", async (c) => {
 				const state = { type: "start" };
-				await ctx.set(c, "provider", 60 * 60 * 24, state);
+				await ctx.set(c, "provider", 3600 * 24, state);
 				return ctx.forward(c, await config.register(c.request, state));
 			});
 			/**
@@ -93,12 +93,12 @@ const PasswordProvider = (config) => {
 				let provider = await ctx.get(c, "provider");
 				if (!provider) {
 					const state = { type: "start" };
-					await ctx.set(c, "provider", 60 * 60 * 24, state);
+					await ctx.set(c, "provider", 3600 * 24, state);
 					if (action === "register") provider = state;
 					else return ctx.forward(c, await config.register(c.request, state));
 				}
 				const transition = async (next, err) => {
-					await ctx.set(c, "provider", 60 * 60 * 24, next);
+					await ctx.set(c, "provider", 3600 * 24, next);
 					return ctx.forward(c, await config.register(c.request, next, formData, err));
 				};
 				if (action === "register" && provider.type === "start") {
@@ -175,7 +175,7 @@ const PasswordProvider = (config) => {
 					type: "start",
 					redirect
 				};
-				await ctx.set(c, "provider", 60 * 60 * 24, state);
+				await ctx.set(c, "provider", 3600 * 24, state);
 				return ctx.forward(c, await config.change(c.request, state));
 			});
 			/**
@@ -187,7 +187,7 @@ const PasswordProvider = (config) => {
 				const provider = await ctx.get(c, "provider");
 				if (!provider) throw new UnknownStateError();
 				const transition = async (next, err) => {
-					await ctx.set(c, "provider", 60 * 60 * 24, next);
+					await ctx.set(c, "provider", 3600 * 24, next);
 					return ctx.forward(c, await config.change(c.request, next, formData, err));
 				};
 				if (action === "code") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@draftlab/auth",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "type": "module",
   "description": "Core implementation for @draftlab/auth",
   "author": "Matheus Pergoli",
@@ -37,8 +37,8 @@
   ],
   "license": "MIT",
   "devDependencies": {
-    "@types/node": "^24.0.14",
-    "tsdown": "^0.12.9",
+    "@types/node": "^24.1.0",
+    "tsdown": "^0.13.0",
     "typescript": "^5.8.3",
     "@draftlab/tsconfig": "0.1.0"
   },